With over three decades of experience, NAC has established itself as a trusted partner in providing innovative solutions for hydraulic, pneumatic, suspension, and fuel control systems for ground combat vehicles. Their professional staff of experienced engineers ensures the highest quality standards, from initial concept to product delivery, while adhering to ISO 9001:2015 certification and export compliance regulations. Offering a comprehensive range of capabilities, NAC handles all aspects of the design and development process in-house, including manifold machining, product assembly, kitting, and testing of hydraulic, pneumatic, suspension, and fuel products. With a strong track record of delivering custom solutions, NAC’s products are deployed worldwide, making them a trusted name in the defense industry.

As a trusted provider of control systems for a large prime manufacturer in the defense sector, NAC was required to adopt strict cybersecurity requirements to protect Controlled Unclassified Information (CUI).

One of the primary hurdles in achieving CMMC compliance was understanding how to identify and effectively manage CUI in a manufacturing-intensive environment. Information used to support manufacturing operations ranged from original paper part drawings to digital CAD and bill of material files. To effectively protect CUI, the organization had to identify the various sources and develop an approach to manage access. Once data was catalogued, it was necessary to implement advanced security measures such as continuous monitoring, access control, and data encryption. NAC ultimately decided to find an external resource that could help navigate the process and implement the necessary solutions. 

The outcome met near term requirements by identifying CUI sources, categorizing compliance gaps, developing a System Security Plan (SSP), and creating a Plan of Action with Milestones (POAM). Two years later, as more emphasis was placed on the timeline for meeting overall requirements, NAC reengaged Security Vitals to help implement the Compliance as a Service (CaaS) offering.

The offering allowed NAC to bridge resource gaps by contracting expert guidance, tools, and continuous support to navigate the complex requirements of NIST 800-171. CaaS helped the firm dramatically reduce the burden of compliance, effectively manage operational costs, and confidently meet the standards, all while focusing on expanding its core business…manufacturing products.

Knowing that compliance is covered has allowed senior leadership to focus on strategy and execution of their core business while continuing to grow revenue. Annual assessments coupled with ongoing monitoring, training, and updates to the SSP/POAM have provided NAC with managed compliance and predictable costs. By meeting these challenges head-on, NAC has successfully addressed CMMC compliance while simultaneously meeting supply chain requirements mandated by its prime contractor.

Sean Steiner, Director of Operations for  NAC explained, “it was important to find a local resource that specialized in meeting the CMMC requirements.” He continued, “Security Vitals has consistently met their commitments and delivers ongoing compliance services for a reasonable [fixed] monthly fee that is less than what it would cost to do it ourselves [by hiring an employee to manage it].”